a434b2bfc5
Resolves: rhbz#1976719
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
|
|
From: Bastien Nocera <hadess@hadess.net>
|
|
Date: Mon, 21 Jun 2021 15:00:14 +0200
|
|
Subject: [PATCH 2/2] net: Fix TLS cert validation not being done for any
|
|
network call
|
|
|
|
The default SoupSessionAsync behaviour does not perform any TLS certificate
|
|
validation, unless the ssl-use-system-ca-file property is set to true.
|
|
|
|
See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
|
|
|
|
This mitigates CVE-2016-20011.
|
|
|
|
Closes: #146
|
|
---
|
|
libs/net/grl-net-wc.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
|
|
index 5a8e89f..5ff1d17 100644
|
|
--- a/libs/net/grl-net-wc.c
|
|
+++ b/libs/net/grl-net-wc.c
|
|
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
|
|
wc->priv = grl_net_wc_get_instance_private (wc);
|
|
|
|
wc->priv->session = soup_session_async_new ();
|
|
+ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
|
|
wc->priv->pending = g_queue_new ();
|
|
|
|
set_thread_context (wc);
|
|
--
|
|
2.31.1
|
|
|